In the Claims 

1. (Original) A graphical user interface for representing and facilitating user manipulation of access 
control settings for a resource comprising: 

one or more display regions for graphical representations of access control settings for the 
resource which result from transformations applied to the structured data which defines the 
access control settings for the resource; and 

one or more display regions for representation of the resource; 

wherein the set of display regions for representations of the settings and the display region for 
representation of the resource appear to the operator as in an integrated graphical user interface. 

2. (Original) The graphical user interface of claim 1, wherein one or more functions modify the spatial 
layout of the display regions. 

3. (Original) The graphical user interface of claim 1, wherein one or more functions modify the 
number of the display regions. 

4. (Original) The graphical user interface of claim 1, wherein one or more functions modify the 
transformations that are applied to the structured data. 

5. (Original) The graphical user interface of claim 1, wherein a user is graphically represented by a 
display element comprising, at least in part, a likeness of the user. 

6. (Original) The graphical user interface of claim 5, wherein the likeness comprises, at least in part, a 
digital photograph, processed by a method including at least one step selected from the set of: adjusting 
image color saturation toward a predetermined target saturation level; converting to grayscale; 
adjusting image brightness toward a predetermined target brightness level; adjusting image contrast 
toward a predetermined target contrast level; 
adjusting image sharpness toward a predetermined target sharpness level; and masking with a shape 
selected from a set comprising ovals and outlines of a bust. 

7. (Previously presented) The graphical user interface of claim 1, wherein the set of display regions 
further comprises: 

a display region for a graphical representation of a set of groups, users and roles and their 
respective access privileges as defined by existing structured data for the resource; and 

a display region for a graphical representation of the result of transforming the set of groups and 
users and their respective access privileges into a corresponding set of individual users only and 
their respective effective access privileges. 

8. (Original) The graphical user interface of claim 1, further comprising a first display region for a 
graphical representation of at least one set of known users and groups, wherein the operator can 
designate indicia for the known users and groups and visually associate the designated indicia with a 
second display region to change the structured data which defines the access control settings for the 
resource. 

9. (Original) The graphical user interface of claim 8, wherein the first display region is reduced in size 
until activated by the user, and the first display region is increased in size upon activation. 

10. (Original) A graphical user interface for representing access log information and access control 
settings for a resource, wherein at least one display region contains a graphical representation of a set 
comprising one or more individual users, and wherein each of the individual users is graphically 
represented by a visual element which comprises: 

the identity of the individual user having read privilege for the resource; and 

a differing visual element for indicating that the user has write privilege for the resource; and 

one or more of the following visual elements: 

the time of the most recent read access by the user to the resource; 
the time of the most recent write access by the user to the resource; 

indication whether the most recent write access by the user to the resource is the most recent 
write access by any user to the resource; 

indication whether the most recent read access by the user to the resource has been before the 
most recent write access by any user to the resource; 

indication whether the most recent read access by the user to the resource has been since the 
most recent write access by any user to the resource; and 

indication whether the user currently is without read privilege for the resource. 

11. (Original) The graphical user interface of claim 10, wherein the set of individual users consists of: 
the set of users who have any access privilege at all for the resource; and the set of users who have 
accessed the resource in the past although they currently are without any access privilege for the 
resource. 

12. (Original) The graphical user interface of claim 10, further comprising a display region for a 
representation of the resource, wherein the display region for representation of the set of users and the 
display region for representation of the resource appear to the operator as an integrated graphical user 
interface. 

13. (Original) A graphical user interface for representing access privileges for a user for one or more 
member resources in a collection of resources, wherein at least one display region contains a navigable 
structured graphical representation of the collection of resources, and wherein each member resource is 
graphically represented by a visual element which identifies the resource and which, by applying a 
predetermined set of steps, indicates the user's effective access privileges for the resource by variations 
in at least one appearance parameter selected from the set comprising: indicative icons; color; 
transparency; height; width; and font parameters, and wherein in the visual element representing the 
resource can be designated by the operator, regardless of variations in appearance, and wherein 
dynamic graphic feedback for a visual element designated by the operator indicates information 
comprising the identity of the selected resource; and dynamic graphical feedback for a resource 
approached for being designated by the operator indicates information comprising the identity of the 
approached resource. 

14. (Original) The graphical user interface of claim 13, wherein the collection of resources is 
organized as a hierarchy of resources and the navigable structured graphical representation is a 
graphical tree. 

15. (Original) The graphical user interface of claim 13, wherein the collection of resources is a set of 
resources and the navigable structured graphical representation is a table view. 

16. (Original) The graphical user interface of claim 13, wherein the variations in appearance comprise 
a reduction in height for each resource for which the user is without any access privilege and the 
dynamic graphical feedback comprises using regular height for indicating identity. 

17. (Original) A graphical user interface for representing a set of a variable number of items in limited 
display space comprising: a visible region, a virtual plane, and overflow indicators, wherein each of the 
represented items is graphically represented by a predetermined visual element; each of the visual 
elements is positioned in the virtual plane; the virtual plane is masked by the visible region, permitting 
display of only a part of the virtual plane; the overflow indicators are located inside the visible region; 
the overflow indicators are located near such edges of the visible region beyond which more of the item 
displays are not visible; the number of overflow indicators is zero in case all of the item displays fit 
inside the visible region; a plurality of functions are implemented which change the position of the 
virtual plane relative to the visible region; a context dependent subset of the functions is available for 
selection by the operator for immediate and subsequent use; the visible region remains constant in size 
and shape, even when the number and locations of the overflow indicators are changing; and the 
overflow indicators are graphically represented by using at least one method selected from the group of 
transparency, color change, saturation change, brightness change and anti-aliasing, whereby there is a 
smooth transition between the appearance of the user interface when all items fit and the appearance 
when there is overflow. 

18. (Original) The graphical user interface of claim 17, wherein the item displays are predominantly 
of low color saturation; and the overflow indicators are of distinctively higher color saturation, 
whereby the operator is visually alerted in case there is overflow. 

19. (Original) The graphical user interface of claim 17, wherein the overflow indicators near an edge 
of the visible region by variations in their graphical appearance convey information about the number 
of the item displays which are not visible. 

20. (Original) The graphical user interface of claim 17, wherein the represented items are entities that 
have access privileges for a resource. 

21. (Currently amended) A user interface for representing and manipulating access control settings for 
a resource, comprising structured data representing access control settings for the resource, and stored 
executable macros for invoking steps to manipulate the structured data, wherein the structured data also 
contains data that results from expansion of one or more of the macros. 

22. (Previously presented) A method for controlling access to one or more elements from a document 
encoded in a markup language, comprising the steps of: 

(a) determining the identity of a user attempting to access the document; 

(b) processing the document by 

(1) parsing elements of the document, comprising an evaluation of access control function 
attributes which may be present within an element using attribute values that reference 
resources to determine access privileges of the determined user for the referenced resources; 
and 

(2) permitting or denying access to the element based on the determined access privileges. 

23. (Original) The method of claim 22, comprising the additional step of creating copies of the 
encoded documents and transmitting the copies to the accessing user, wherein the original encoded 
documents are not modified by the processing step. 

24. (Original) A method for access control to resources wherein the step of permitting access to a 
resource comprises evaluation of whether a user has the right to access a resource that references the 
requested resource, and is currently accessing the referencing resource, and if so, permitting access to 
the requested resource. 

25. (Original) A system for access control for resources in a branching hierarchy of resources, 
comprising structured data that defines access control settings for a resource which may optionally 
contain references to other resources within the hierarchy of resources; wherein access control settings 
of the referenced other resources are merged by a predetermined algorithm with the structured data to 
determine effective access control settings. 

26. (Original) The system of claim 25, wherein the predetermined algorithm performs unions of sets 
of entities which make up the access control settings of the referenced other resources and 
corresponding sets of entities which are defined by the structured data. 

27. (Original) The system of claim 25, wherein inheritance within the hierarchy of resources defines 
access control settings for a resource for which there is no directly defining structured data, and a 
plurality of inheriting resources can share a single instance of defining structured data. 
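
An added illustration of the merging recited in claims 25 to 27, not code from the application: effective settings are computed by inheriting from the nearest resource that has its own structured data, then taking unions with the settings of referenced resources. The data layout, the `refs` key, the sample paths and the function names are assumptions; the claims specify only that a predetermined algorithm performs unions of sets.

```python
from pathlib import PurePosixPath

# Constructed sample: path -> structured data. "refs" names other resources
# whose settings are merged in; resources without an entry inherit (claim 27).
ACL_DATA = {
    "/": {"read": {"staff"}, "write": {"admin"}, "refs": []},
    "/projects/apollo": {"read": {"alice"}, "write": {"alice"},
                         "refs": ["/teams/flight"]},
    "/teams/flight": {"read": {"bob", "carol"}, "write": {"bob"},
                      "refs": ["/projects/apollo"]},  # deliberate cycle
}
PRIVILEGES = ("read", "write")

def defining_resource(path, data=ACL_DATA):
    """Claim 27: nearest resource at or above `path` that has its own data."""
    p = PurePosixPath(path)
    for candidate in (p, *p.parents):
        if str(candidate) in data:
            return str(candidate)
    raise KeyError(f"no access control data on the path to {path}")

def effective_settings(path, data=ACL_DATA, _seen=None):
    """Claims 25-26: union own entity sets with those of referenced resources."""
    seen = set() if _seen is None else _seen
    source = defining_resource(path, data)
    result = {priv: set() for priv in PRIVILEGES}
    if source in seen:          # reference cycle: this resource is already merged
        return result
    seen.add(source)
    entry = data[source]
    for priv in PRIVILEGES:
        result[priv] |= entry.get(priv, set())
    for ref in entry.get("refs", []):
        merged = effective_settings(ref, data, seen)
        for priv in PRIVILEGES:
            result[priv] |= merged[priv]
    return result

if __name__ == "__main__":
    for target in ("/projects/apollo/design.doc", "/hr/payroll.xls"):
        print(target, effective_settings(target))
```

Because the merge is a union, a reference can only widen the effective set, so in this sketch every `refs` entry is a grant that needs the same review as a direct entry.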